Web-based authentication and single sign-on (SSO) authentication are done over the top of a network without any knowledge of where an authenticating host device may be attached. For example, when a host device (e.g., Host1) is authenticated in a conventional web-based or SSO authentication environment, information about the network location of Host1 is not known by the authentication authority/service. In most cases, the authentication process works as ships passing in the night.
IEEE 802.1x, which is the standard for port-based network access control, attempts to address this problem, but it has proven impractical for wired host deployment. Additionally, web-based authentication has emerged as the desirable mechanism to authenticate any host, and furthermore, SSO environments are web based. In these environments, it is desirable to enforce the authorization policy at the network level. However, there is no correlation between the authentication process and the network or topological location of the authenticating host.